Newsroom

USA Media Coverage

‘Tis the Season for Security Resolutions, Not Predictions

As 2012 comes to a close, many security vendors have issued predictions on what security issues and trends would dominate our collective attention in the New Year. Read more

Dec 27, 2012

Be Prepared: 4 Steps to Better Data Disaster Planning

While more than a month has gone by since the devastating Hurricane Sandy hit the East Coast, the photographs and videos of the incredible destruction will be hard to forget. Read more

Dec 20, 2012

Microsoft Patches Critical Remote Flaws in Word, IE and Windows

A rare critical Microsoft Word vulnerability was patched today by Microsoft, one of seven security updates pushed out repairing 11 flaws. Read more

Dec 11, 2012

The Last Patch Tuesday of 2012

Today is the last Patch Tuesday of 2012. Its seven bulletins bring the total count for the year to 83, significantly down from last year’s 100 bulletins and even more from the 2010 count, which ended at 117 bulletins. Read more

Dec 11, 2012

Windows 8, RT to Receive More Critical Patches Next Tuesday

Windows 8 and RT are set to receive their second lineup of bug fixes when next week's Patch Tuesday rolls around. Read more

Dec 7, 2012

Microsoft Fixing 11 Vulnerabilities for December Patch Tuesday

Microsoft announced today that it plans on shipping seven bulletins, five critical, two important, for the December edition of its monthly patch Tuesday security bulletin release cycle. Read more

Dec 6, 2012

Major Exploit Hits Tumblr, Affects Over 8,600 Users

A massive attack against Tumblr appears to have impacted more than 8,600 users whose blogs are apparently becoming infected through the act of clicking on an infected site. Read more

Dec 3, 2012

Don’t Get SaaS-y with Me: 5 CloudBeat Lessons you Need to Know

Big business is embracing the cloud more than ever. Cloud tech has reached a level of acceptance in the past year, with many companies moving out of pilot projects and into full-on deployments of critical parts of their business onto cloud-based systems. Read more

Nov 30, 2012

Cloud Security Experts: Use Multi-Factor Authentication, You Dummies

If you’re not using multi-factor authentication as a company or as a consumer, you really need to start. No, seriously, go turn it on now if you can. Read more

Nov 28, 2012

Updates Browsers Still Vulnerable to Attack if Plugins are Outdated

Psst. Is your browser up-to-date? You may think you are safe because you update the Web browser regularly, but chances are you are still surfing the Web with highly vulnerable software. Read more

Nov 27, 2012

A Chat with Wolfgang Kandek, CTO, Qualys…

On November 8th, I attended the Qualys Security Conference 2012 at the Berkeley hotel in London. At the end of the day, I was lucky enough to catch up with Wolfgang Kandek, CTO of Qualys. Read more

Nov 26, 2012

Cybergangs Target Online Shoppers

Here's how cybergangs are targeting online holiday shoppers, and here's what you can do to protect yourself. Read more

Nov 26, 2012

SMBs Face the Biggest Threats from Cyber Monday Shopping

Many employees will spend a portion of their day hunting for bargains on the Monday following Thanksgiving weekend, and companies should prepare for the increased security risks. Read more

Nov 21, 2012

With Shopping Scams on the Rise, Watch for These Threats

Holiday shopping means a spike in online scams, fraud, and malware, so you need to be aware of the risks and threats, and exercise some common sense to avoid a cyber-Grinch incident. Read more

Nov 21, 2012

Half Of Machines Shopping On Cyber Monday Likely Contain Vulnerabilities

Meanwhile, businesses more worried about productivity than security threats Read more

Nov 20, 2012

Facebook Praised for Encrypting Web Access by Default

Move to HTTPS will protect users accessing the social network via public Wi-Fi networks Read more

Nov 20, 2012

Facebook to Roll Out HTTPS by Default to all Users

The connections of all Facebook users with the website will be encrypted by default Read more

Nov 20, 2012

Adobe to Fix Flash Player on Patch Tuesdays

Adobe has changed its schedule for releasing Flash Player security updates to coincide with Microsoft's Patch Tuesday schedule. Read more

Nov 19, 2012

Facebook Adopts Secure Web Pages by Default

Facebook has finally started using HTTPS by default, following a 2010 FTC demand and in the distant footsteps of Google, Twitter, and Hotmail Read more

Nov 19, 2012

Courtot Mixes Business with Extreme Skiing, Hurricane Chasing

Most Admired CEO Profile on Qualys' Philippe Courtot Read more

Nov 16, 2012

Beyond Antivirus Software: Eclectic PC Security Tools for System-Wide Audits

Welcome to a harsh reality: Relying on an ostensibly comprehensive antivirus suite just doesn't cut it in 2012. Read more

Nov 13, 2012

'Multiple Vulnerabilities' Found in Windows 8

Security firm Vupen says it has found several serious security loopholes in the new Windows 8 operating system (OS). Read more

Nov 8, 2012

Despite Windows 8 Zero-Day, Vendors Laud Security of New Microsoft OS

Security experts at several security firms are heralding Windows 8, Microsoft's new endpoint platform, as the safest operating system to date. Read more

Nov 8, 2012

Adobe, Now ‘Married’ to Microsoft, Moves Flash Updates to Patch Tuesday

Will sync Flash security updates with partner's monthly schedule Read more

Nov 7, 2012

Vupen Claims “Remote Code Executiion” on Windows 8

Reminds the industry that Windows is unlikely to ever be bulletproof, says one security expert Read more

Nov 2, 2012

Flaws patched in Apple's Safari browser and iOS 6

Apple has released updates to address flaws in its Safari 6 web browser and iOS 6 mobile operating system. Read more

Nov 2, 2012

Government-Funded Hackers Say They've Already Defeated Windows 8's New Security Measures

Last week’s Windows 8 launch wasn’t just a major product release for Microsoft. It seems to have been a banner day for the government-funded hackers who take Microsoft’s software apart, too. Read more

Oct 31, 2012

Windows 8 Security: Mostly Good, Some Bad

Even though Microsoft's Windows 8 is not specifically a security release, the new Secure Boot and better memory management hardens the desktop against attackers. Read more

Oct 26, 2012

Windows 8 Raises the Bar for PC Security

Security features in Windows 8 that will keep your PC and data safe. Read more

Oct 26, 2012

Windows 8 Security Focuses on Early Malware Detection

In Windows 8, Microsoft has greatly improved the operating system's ability to detect malware before it has a chance to run, experts say. Read more

Oct 26, 2012

Qualys Adds Vulnerability Prediction Capabilities To QualysGuard Platform

Qualys has updated two of its products to help administrators better manage vulnerabilities and mitigation, the company said Wednesday at its own Qualys Security Conference in Las Vegas Read more

Oct 24, 2012

SSL Implementation Flaws Found in Many Android Apps

A study conducted by German researchers found that more than 1,000 out of 13,500 Android applications contained serious flaws in their SSL implementation Read more

Oct 23, 2012

inShare Permalink RSS Russian Service Rents Access To Hacked Corporate PCs

Service provides stolen remote desktop protocol credentials, letting buyers remotely log in to corporate servers and PCs, bypassing numerous security defenses. Read more

Oct 23, 2012

Zero-Day Attacks Long-Lived, Presage Mass Exploitation

Zero-day attacks escape detection for an average of 10 months; once they go public, attacks multiply dramatically, researchers find Read more

Oct 18, 2012

Apple Tries to Kill its Own Java on Most Macs

Apple took other measures to shove Mac owners towards Oracle, including removing Java options from the Preferences window. Read more

Oct 18, 2012

Zero-Day Arracks Escape Detection for Nearly a Year: Symantec Study

Attacks using undisclosed “zero-day” vulnerabilities remain hidden for anywhere from 19 days to 30 months, according to new research that found eleven previously undetected attacks. Read more

Oct 18, 2012

Oracle Squashes 109 Bugs in Quarterly Patch Batch

Hot fresh Java will flush parasites from your system Read more

Oct 17, 2012

3 Must-Fix Vulnerabilities Top Oracle CPU Patches

Two CVSS 10.0 and one 9.0 flaws top the charts on a Critical Patch Update list chock full of remotely exploitable vulnerabilities Read more

Oct 17, 2012

Web App Design at the Core of Coding Weaknesses, Attacks, Says Expert

Developers need to work on creating strong designs for Web applications by rethinking their coding practices and the process in place to fix bugs Read more

Oct 16, 2012

More Banks Come Under Denial-of-Service Attack

Capital One and SunTrust came under attack this week using denial-of-service techniques that are evading defenses meant to blunt such attacks Read more

Oct 13, 2012

Mozilla Praised for Pulling Flawed Firefox 16

Move shows commitment to privacy, but experts say Google's Chrome and Microsoft's Internet Explorer are more secure Read more

Oct 12, 2012

Qualys Expands QualysGuard PCI Cloud Platform

Qualys has expanded QualysGuard PCI to assist organizations of all sizes to meet Payment Card Industry (PCI) Data Security Standards (DSS), including new internal scanning requirements. Read more

Oct 12, 2012

Application Vulnerability Disclosures Rise, Microsoft Finds

Application vulnerabilities are on the rise in 2012 Read more

Oct 11, 2012

U.S. Security Vendors Wary of Chinese Telecom Suppliers, Call for Transparency

Qualys CEO: Huawei needs to "disconnect" from Chinese government Read more

Oct 10, 2012

Your October 2012 Patch Tuesday Update from Microsoft

Microsoft released seven bulletins in Windows, Office and SQL Server today as part of its monthly update cycle. Read more

Oct 9, 2012

1 'Critical' Item and 2 Advisories in Microsoft's October Security Update

For the second month in a row, Microsoft is releasing an uncharacteristically light security update. Read more

Oct 9, 2012

Microsoft Patches Critical Word Flaw; Certificate Key Length Changes are Official

Microsoft rolled out seven security updates today, including a fix for a critical remotely exploitable Word vulnerability Read more

Oct 9, 2012

Microsoft Addresses Critical Word Flaws, New RSA Key Length

Microsoft will begin requiring digital certificates to support an RSA key length of at least 1024 bits today, in accordance with a security advisory being pushed through Windows Update. Read more

Oct 9, 2012

25 Critical Updates in Adobe Flash Fix

Just slightly out of kilter with today’s Microsoft ‘Patch Tuesday’, Adobe yesterday issued a patch for 25 Flash vulnerabilities Read more

Oct 9, 2012

The Challenges of Securing Enterprises in a BYOD World

BYOD is a growing reality, as employees are connecting a greater number of devices to enterprise networks on a daily basis, and CIOs and CSOs must prepare accordingly. Read more

Oct 8, 2012

October Patch Tuesday Preview

After a very light September, October’s Patch Tuesday will revert to normal with seven security bulletins from Microsoft: one labeled critical and six labeled important. Read more

Oct 5, 2012

Patch Tuesday: Microsoft's October Update Will Fix Security Vulnerabilities in Office

This month's release has seven bulletins--just one of them critical. Read more

Oct 5, 2012

Microsoft to Patch 20 Bugs Next Week in Month of Office Updates

Single critical update will fix serious flaws in Office 2007, 2010 on Windows that hackers could use to hijack PCs Read more

Oct 4, 2012

October 2012 Patch Tuesday: One Critical Bulletin Expected

Microsoft's October 2012 Patch Tuesday release will include seven bulletins, one deemed critical and six as important Read more

Oct 4, 2012

Malicious Copy of MySQL Tool Distributed Through SourceForge Mirror

A compromised copy of the MySQL administration tool phpMyAdmin was being served up via a SourceForge mirror site based in Korea that has since been taken out of the rotation, officials said. Read more

Sep 26, 2012

inShare Permalink RSS Microsoft IE Patch Fixes Flaw Under Active Attack

Microsoft wins praise for quickly addressing five remote-execution security vulnerabilities, one of which is being used now in attacks Read more

Sep 24, 2012

Clues, Experts Say Microsoft Knew of IE Zero-Day for Weeks Before Patching

Bug-bounty program may have reported the browser flaw to Redmond in July Read more

Sep 23, 2012

The Geography of HTML5 Security

Book author and Qualys Director of Engineering Mike Shema outlines HTML5 security Read more

Sep 22, 2012

Microsoft Releases Emergency IE Patch

Microsoft has released an out-of-band update fixing at least five vulnerabilities in Internet Explorer Read more

Sep 21, 2012

Apple Goes Against Grain, Extends Support for Snow Leopard

'Might be a Windows XP-like effect,' notes one security expert of Apple's patching of OS X 10.6 Read more

Sep 20, 2012

Redmond Promised Emergency IE Bug Fix on Friday (zero day +5)

Keep calm and carry on, advise security types Read more

Sep 20, 2012

Huge iTunes Patch: Apply It and Move On

Although 163 security fixes is a big update for any product, Apple users should be more concerned with recent Java issues Read more

Sep 17, 2012

Apple Plugs 163 iTunes Security Holes

Security researcher Wolfgang Kandek said he doesn't believe iTunes is high on the priority list of attackers -- and it is possible none of the vulnerabilities could actually be exploited through iTunes. Read more

Sep 14, 2012

The Perfect CRIME? New HTTPS Web Hijack Attack Explained

BEASTie boys reveal ingenious login cookie gobble Read more

Sep 14, 2012

'CRIME' Attack Abuses SSL/TLS Data Compression Feature to Hijack HTTPS Sessions

SSL/TLS data compression leaks information that can be used to decrypt HTTPS session cookies, researchers say Read more

Sep 13, 2012

Microsoft to Patch Adobe Flash Player in Windows 8 'Shortly'

Microsoft said it will update Adobe Flash Player to close security holes before Windows 8 is generally available Read more

Sep 13, 2012

Crack in Internet’s Foundation of Trust Allows HTTPS Session Hijacking

Attack dubbed CRIME breaks crypto used to prevent snooping of sensitive data Read more

Sep 13, 2012

Microsoft Changes Mind; Will Patch Flash on IE 10 Before Windows 8 Ships

Microsoft has reversed course and said it will patch a serious Adobe Flash vulnerability in Windows 8 and Internet Explorer 10 before the new Microsoft OS ships Oct. 26. Read more

Sep 12, 2012

Experts Urge Prep for Microsoft’s Cert-Blocking Update

Scan networks for too-short keys, audit systems, test Oct. update before it rolls out, urge security pros Read more

Sep 12, 2012

Microsoft to Patch Windows 8 Flash Bug Before OS Released

No patching before release meant the forthcoming operating system would be vulnerable to attack immediately after it was made available Read more

Sep 12, 2012

Web Application Firewalls and IPv6

Does your WAF protect against IPv6 attacks? Read more

Sep 11, 2012

Microsoft’s September Patch Tuesday Load Lighter Than Usual

With only two updates released on September's Patch Tuesday, Microsoft is going easy on IT departments this month Read more

Sep 11, 2012

The September Lull: Microsoft Releases But Two Bulletins for This Month’s Patch Tuesday

Today Microsoft announced and detailed the updates component to the latest edition of its monthly security update cycle Read more

Sep 11, 2012

Microsoft Ships Two Bulletins in September Security Update

The Microsoft security team shipped just two bulletins - resolving as many holes - in the September, 2012 edition of Patch Tuesday. Read more

Sep 11, 2012

RSA Key Length Change Should be Priority in September 2012 Patch Tuesday

Microsoft will be restricting Windows certificate acceptance rules next month and security experts indicate that since September has few software updates, security teams should prepare for the changes. Read more

Sep 11, 2012

Why Are Web Applications a Security Risk?

The CTO of Qualys explains how the shift from traditional to Web applications will require developers to raise their security games. Read more

Sep 7, 2012

September’s Patch Tuesday is a Lightweight

But “we’d like to remind you about an important change to Windows’ certificate requirements,” says Microsoft – so September is still going to be a busy month for sys admins. Read more

Sep 7, 2012

Microsoft’s September Patch Tuesday Easy; October, Not So Much

September's Microsoft Patch Tuesday preview is shaping up to be a fairly simple one Read more

Sep 6, 2012

Get Ready: Microsoft is Raising the Bar for Encryption Keys

Next Tuesday is already Patch Tuesday for September, but Microsoft only has a couple of relatively minor updates lined up. Don’t get too comfortable, though—you need to prepare for the changes Microsoft is making next month for cryptographic keys. Read more

Sep 6, 2012

Microsoft Gives Users a Patch Break, and Time to Prep for Certificate Slaying

Use the light Patch Tuesday to get ahead of key invalidation update slated for October, say experts Read more

Sep 6, 2012

Microsoft Plans Two 'Important' Security Updates for Foxprom, System Management Server

Compared to what we've seen for much of this year, September is shaping up to be quiet on the Microsoft patching front. Read more

Sep 6, 2012

Malware Analysis Tools and Techniques Failing But Researchers Aim For Improvement

Hardened cryptographic algorithms and other defensive capabilities are making reverse engineering and analysis increasingly difficult for malware researchers Read more

Sep 2, 2012

ABCs Of Factoring Risk Into Cloud Service Decisions

Taking an empirical, risk-based approach to deciding on third-party, shared-infrastructure services Read more

Aug 31, 2012

Java Sandboxing Could Thwart Attacks, but Design May be Impossible

Cybercriminals are targeting known Java vulnerabilities and discovering zero-day exploits Read more

Aug 29, 2012

Six Ways to Protect Against the New Actively Exploited Java Vulnerability

Methods for users to protect their computers from attacks that target a new and yet-to-be-patched vulnerability in all versions of Java Runtime Environment 7 Read more

Aug 28, 2012

Newly Discovered Java Flaw Seen Exploited in Wild

Information on a Java flaw that has been seen in targeted attacks in the wild Read more

Aug 28, 2012

Dropbox Going Two-Factor, Becoming De Facto

Move comes four weeks after the popular online file sharing service was hit by an embarrassing spam attack Read more

Aug 28, 2012

Attack Code Surfaces Targeting Java Zero-Day Flaw

Security researchers at FireEye Inc. are warning of a new zero-day vulnerability affecting the latest version of Java Read more

Aug 28, 2012

Serious New Java Vulnerability Discovered

An attack that targeted a previously unknown security hole in Java has recently been spotted. Read more

Aug 28, 2012

Java 7 Under Attack: Researchers Advise It Be Disabled During the Interim

Security researchers are urging channel partners and administrators to limit use of Java 7 while they work to resolve a new zero-day exploit in Java 7 Read more

Aug 27, 2012

Warning: Java Zero Day Flaw Under Attack

A zero-day vulnerability in Java is being actively exploited in the wild. Read more

Aug 27, 2012

Emergency Adobe Update APSB12-19 Addresses More Flash Player Flaws

Adobe Systems Inc. has released six security updates in Security bulletin APSB12-19 Read more

Aug 22, 2012

New Patches for Adobe Flash Player

Adobe has issued new patches for Flash on Windows, Mac, Linux and Android, for Air on Windows and Mac, and for the Air SDK. Read more

Aug 22, 2012

Patch Tuesday Déjà vu: Adobe Patches Flash…Again

Double-Take for IT Admins Read more

Aug 22, 2012

How To Protect Your Commercial Web Server

Public Internet servers are among criminals’ favorite targets. Is your security strategy up to the challenge? Read more

Aug 22, 2012

Apache Patches Fifty Bugs, Two Security Flaws, in Web Server

The Apache Software Foundation has fixed over fifty bugs, including two security vulnerabilities, in its venerable Web server software. Read more

Aug 22, 2012

Former White House Cybersecurity Official Joins Start-Up

Former cybersecurity officials work with start-ups Read more

Aug 21, 2012

August 2012 Patch Tuesday Fixes Flaw Being Actively Targeted By Attackers

Microsoft issued nine security bulletins, addressing 26 vulnerabilities in its August 2012 Patch Tuesday Read more

Aug 14, 2012

August Patch Tuesday: Microsoft Fixes XML, IE, and Oracle Flaws

Microsoft patches 26 vulnerabilities -- and revisits the XML patch from the July update. Read more

Aug 14, 2012

Ready, Set, Patch! Microsoft Releases Nine Security Updates for Multiple Products

This month's patch load: Nine bulletins, 5 of which are critical, that address 27 vulnerabilities. Read more

Aug 14, 2012

August’s Patch Tuesday Brings 9 Bulletins, Fixes 27 Vulnerabilities

This month’s updates include 9 total bulletins, 5 of which are rated as ‘critical,’ addressing a total of 27 vulnerabilities. Read more

Aug 14, 2012

8 of 9 Microsoft August Bulletins Battle RCE Flaws

Microsoft's monthly Security Update arrived today with nine bulletins addressing 26 vulnerabilities. Read more

Aug 14, 2012

Critical Security Fixes from Adobe, Microsoft

Adobe and Microsoft each issued security updates today to fix critical vulnerabilities in their software. Read more

Aug 14, 2012

5 Benefits of IT Compliance Programs

Non-security benefits of compliance include improved asset management, streamlined IT operations, and bolstered intelligence about technology and business processes Read more

Aug 13, 2012

August Patch Tuesday Heats Up with Five Critical Security Bulletins

Five of Microsoft’s nine security bulletins set to be shipped Tuesday plug critical security flaws in a range of products. Read more

Aug 13, 2012

Security Manager’s Journal: At Budget Time, you Ask and Hope to Receive

Our manager has a long wish list as the annual budget time rolls around once again. Read more

Aug 13, 2012

A Sneak Peek At Microsoft’s August Patch Tuesday

Microsoft prepares to release next week's August edition of Patch Tuesday Read more

Aug 10, 2012

Vendors Roll Out Mobile Security, Vulnerability and Forensics Tools

A look at some of the releases from Black Hat, as well as the latest vulnerability management and forensics products Read more

Aug 6, 2012

Third Parties Are IAM's Third Wheel

Connections with suppliers, partners, and contractors need better foresight and planning Read more

Aug 6, 2012

Outlook.com Passwords: Does Length Really Matter?

Read more

Aug 2, 2012

U.S. Cyber Coordinator Moves on

What does the nation's first cyber security coordinator do for an encore on leaving government service? Read more

Aug 1, 2012

ASEF Android Tool Analyzes App Security and Behavior

A researcher at Qualys has released a new tool designed to allow users to evaluate the security and behaviors of the apps installed on their Android devices. Read more

Aug 1, 2012

Hackers Increasingly Aim for Cross-Platform Vulnerabilities

A Microsoft security researcher says malware makers seek 'economies of scale' Read more

Aug 1, 2012

HTML5 WebSockets Identified As Security Risk

WebSockets offer the promise of improved TCP connections, but do they also invite new forms of attack on your applications and infrastructure? Read more

Jul 31, 2012

Black Hat 2012: Rodrigo Branco on New Malware Research Database

In this interview with SearchSecurity.com News Director Robert Westervelt, Rodrigo Branco, director of vulnerability and malware research at Qualys, discusses his new malware analysis system. Read more

Jul 27, 2012

Qualys adds IPv6 support to FreeScan

Qualys announced at Security B-Sides Las Vegas that FreeScan now includes support for IPv6. Read more

Jul 26, 2012

Qualys Adds IPv6 Support to FreeScan Service

Using FreeScan, organizations can now scan IPv6 devices to detect possible vulnerabilities and take the steps necessary to remediate them. Read more

Jul 26, 2012

New Tool Gives 150 Ways to Bypass Web App Firewalls

Released at Black Hat, tool can test if web application firewalls are vulnerable to protocol-level evasion techniques Read more

Jul 25, 2012

Qualys Open-Source Mobile Security Tool Debuts at Black Hat

A new open-source framework from Qualys called ASEF is set to debut at the Black Hat Security conference this week. The tool lets anyone parse Android apps and figure out if there are risks. Read more

Jul 24, 2012

Qualys Announces General Availability Of Its Dynamic Asset Tagging and Management Technology

Technology enables customers to identify, categorize, and manage large numbers of assets in highly dynamic IT environments Read more

Jul 24, 2012

Black Hat Makes Light of Accidental Password-Reset Email

A Black Hat volunteer mistakenly sent to 7,500 conference goers a password-reset email that was initially thought to be a phishing attempt. Read more

Jul 24, 2012

Black Hat 2012: Hackers to Explore Malware Analysis, Next-Gen Attacks

Researchers will share insights into next-generation malware and hacker techniques at the 2012 Black Hat Briefings in Las Vegas next week. Read more

Jul 20, 2012

Mobile and Web Security Will Be Major Topics at Black Hat

Mobile and Web Security Will Be Major Topics at Black Hat Read more

Jul 20, 2012

Ten Must-See Black Hat 2012 Sessions

A selection of talks, recommended for all audiences and guaranteed to be hits. Read more

Jul 18, 2012

Firefox 14 Gets Kudos for Security

'They're doing great work in the security area,' says security firm CTO of open source browser group Mozilla Read more

Jul 18, 2012

'Waldo' Finds Ways To Abuse HTML5 WebSockets

Black Hat USA researchers to release free hacking tool and demonstrate how new communication channel could be used for XSS, denial-of-service, and hiding malicious or unauthorized traffic Read more

Jul 17, 2012

Will Advanced Attackers Laugh At Your WAF?

Companies should not trust vendors' claims about Web application firewalls, says security engineer who at Black Hat USA will show 150 different ways attackers can get around Web defenses Read more

Jul 17, 2012

How to Make Your Website Hacker-Proof

Simple steps to avoid trouble Read more

Jul 12, 2012

Your Birthday Is a Terrible Password

A Qualys researcher used pattern-matching analysis to find date-based passwords in the LinkedIn hash dump Read more

Jul 12, 2012

July’s Patch Tuesday Brings 9 Bulletins, Addressing Some 16 Vulnerabilities Including a Critical Fix IE9

Read more

Jul 10, 2012

Patch Tuesday: Microsoft Pushes Nine Fixes For 16 Flaws

Microsoft on Tuesday issued nine security bulletins to address three "critical" and six "important" security issues. Read more

Jul 10, 2012

Microsoft’s July Security Update Arrives With Unexpected IE Fix

Microsoft released its monthly security rollout today, which includes three fixes rated "critical" and six designated "important." Read more

Jul 10, 2012

Microsoft Fixes XML Flaw as Attackers Circle in Patch Tuesday Update

Microsoft plugged a number of security holes today impacting Windows, Internet Explorer and other products as part of its monthly security update. Read more

Jul 10, 2012

Microsoft Patches XML Flaw Under Attack and 15 More Vulnerabilities

Read more

Jul 10, 2012

July Patch Tuesday: XML 5 Still Vulnerable

Microsoft fixes some -- but not all -- XML flaws in the July Patch Tuesday security update. Meanwhile, Internet Explorer is set to get more frequent patches. Read more

Jul 10, 2012

Microsoft Patch Tuesday Takes Aim At Key XML, IE9 Vulnerabilities

Microsoft has released nine bulletins addressing 16 vulnerabilities Read more

Jul 10, 2012

Patch Tuesday Preview, July 2012

Read more

Jul 9, 2012

Malware Monday: Last-Minute Checks to Avoid Internet Shutdown

Malware Monday is July 9 Read more

Jul 8, 2012

How To Test Your Computer For DNS Changer Malware

The malware could cause as many as 64,000 Americans' computers to lose Internet service on Monday. Read more

Jul 7, 2012

Microsoft's XML 0-day fix expected in July Patch Tuesday

Hack attack smack Read more

Jul 6, 2012

There Is No Excuse for Still Being Infected with DNSChanger

The FBI estimates that as many as 275,000 PCs are still at risk of losing access to the Web on Monday Read more

Jul 6, 2012

Patch Tuesday: Time to Use the Flame-Retardant Windows Update Client

Updated Windows Update software fixes vulnerabilities exploited by Flame malware Read more

Jul 5, 2012

Microsoft Prepping 9 Fixes for July's Patch

Microsoft is readying three "critical" bulletins and six "important" items for this month's security update Read more

Jul 5, 2012

Researchers Use Cloud To Clear Up Malware Evasion

An analysis project surveys the techniques used by malware to evade security software and plans to turn the research into a service to analyze malware Read more

Jul 3, 2012

Former White House Cyber Czar Rejoins Private Sector

Former White House Cyber Coordinator Howard Schmidt, who retired in May, has landed back in the private sector. Read more

Jul 2, 2012

If Security Were The Only Factor, a Windows 8 Upgrade Would Be A No-Brainer

Windows 8 benefits from a decade of Microsoft security focus Read more

Jun 30, 2012

4 Signs That Apple's Sharpening Its Security Game

Apple is quietly making some subtle, incremental security moves in the face of new threats to its products Read more

Jun 28, 2012

Former Cybersecurity Czar Howard Schmidt Joins Qualys Board of Directors

Qualys announced this week that former cybersecurity czar Howard Schmidt will join the company’s Board of Directors Read more

Jun 27, 2012

Changes to PCI rules: What you need to know

Changes to PCI rules: What you need to know Read more

Jun 27, 2012

Howard A. Schmidt, Former White House Cybersecurity Coordinator, Joins Qualys Board of Directors

Distinguished global authority on Internet security and critical infrastructure to bring public sector expertise and help expand industry collaboration Read more

Jun 26, 2012

Qualys helps businesses comply with Cookie Directive

QualysGuard WAS identifies cookies that have been issued without the user’s consent Read more

Jun 25, 2012

Qualys Helps Organizations Comply With EU Cookie Directive

QualysGuard Web Application Scanning (WAS) service will be able to help customers identify Web application cookies in order to help organizations comply with the European Union (EU) Cookie Directive Read more

Jun 25, 2012

The 50 Most Powerful People In Enterprise Tech

The 50 biggest movers and shakers in enterprise tech Read more

Jun 22, 2012

Microsoft Windows Update SSL Certificate Gets Failing Grade

Nonetheless, there's no hard evidence Win Update is unsafe, crypto expert says. Read more

Jun 18, 2012

VMware Patches Virtualization Flaws

Bugs would allow attackers with administrator-level access to cause a denial of service or even take control of a targeted environment. Read more

Jun 18, 2012

Vulnerabilities in Open Source WAF ModSecurity

Guest post from Qualys' Ivan Ristic on ModSecurity update Read more

Jun 18, 2012

Qualys Brings Security, Compliance Platform to Private Clouds

Qualys recently introduced a private cloud version of its QualysGuard Cloud Platform Read more

Jun 15, 2012

Qualys Unveils Private Cloud Version of Security Package

Qualys introduced this week a private cloud version of its QualysGuard Cloud Platform Read more

Jun 14, 2012

Oracle and Apple Update Java – and So Should You

Of particular note with the Oracle June Java update is the fact that Apple is also updating Java at the same time. Read more

Jun 14, 2012

Microsoft Readies Post-Flame Windows Update Changes

Paused limited test update for Patch Tuesday, will feed more secure update client 'in a few days' to stymie Flame-like attacks Read more

Jun 13, 2012

Your June 2012 Patch Tuesday Update

Microsoft released seven security bulletins addressing approximately 27 vulnerabilities scattered across Windows, Internet Explorer, Dynamics AX, Microsoft Lync, and the .NET Framework Read more

Jun 12, 2012

June’s Patch Tuesday Brings in 7 Bulletins, Addresses 27 Vulnerabilities

June’s Patch Tuesday has some seven bulletins, of which three are rated critical, that address some 27 vulnerabilities. Read more

Jun 12, 2012

Internet Explorer RCP Fix Highlights June’s Security Update

Microsoft released its June patch today, which includes three "critical" security items and four "important" bulletins Read more

Jun 12, 2012

Stolen LinkedIn Passwords Can Sell for as Low as $1

Read more

Jun 12, 2012

Qualys Introduces Private Cloud Version of QualysGuard Platform

Customers can host and operate the security and compliance platform within their data centers Read more

Jun 12, 2012

Qualys Launches Private Cloud Version of Security and Compliance Platform

Security provider Qualys has launched its QualysGuard Private Cloud Platform Read more

Jun 11, 2012

Qualys Releases Virtualized Private Cloud

Allows customers to host and operate the security and compliance platform within their data centers to meet the varying needs of Private, Community, Public, and Hybrid Cloud services Read more

Jun 11, 2012

Qualys Launches Private Cloud Version of QualysGuard Platform

Qualys today introduced a private cloud version of its QualysGuard Cloud Platform Read more

Jun 11, 2012

Lessons Learned From Cracking 2 Million LinkedIn Passwords

Read more

Jun 8, 2012

Dissecting LinkedIn's Response to the Password Breach

Read more

Jun 8, 2012

PCI Requires Merchants to Pass Internal Vulnerability Assessments

The PCI Standards Security Council will require merchants to show proof of passing an internal vulnerability assessment beginning June 30, noted Alex Quilter, director of PCI at Qualys. Read more

Jun 8, 2012

Microsoft to Repair Internet Explorer Fault Discovered at Hacking Contest

Patch Tuesday will deal with exploit demoed at Pwn2Own competition Read more

Jun 8, 2012

Microsoft’s June Security Patch To Deliver 3 Critical Windows Fixes

Microsoft's monthly security update will be arriving this Tuesday, and it's already turning out to be a replay of sorts. Read more

Jun 7, 2012

Microsoft's Reaction to Flame Shows Seriousness of 'Holy Grail' Hack

Company's fast, sweeping response proves how critical it considers Windows Update Read more

Jun 7, 2012

5 Ways You’re Wasting Compliance Dollars

Fighting redundancy and ineffectual practices leaves more money for meaningful security Read more

Jun 4, 2012

Passing the Internal Scan for PCI DSS 2.0

Insight on the updated PCI DSS requirement, highlighting the need for internal vulnerability scanning Read more

Jun 4, 2012

Tips to Speed up Your Security Patching

Software patching is a relatively simple task, and is an increasingly critical key to defend against security breaches by hackers armed with vulnerability scanners. Read more

May 28, 2012

Project Finds, Purges Vulnerable Code Snippets From The Net

Community effort hopes to clean up insecure code found in the public domain Read more

May 23, 2012

Top 10 Patching Hurdles and How to Overcome Them

Common hurdles for patching and tips that organizations can use to move toward a better patching posture. Read more

May 23, 2012

Apple Releases QuickTime 7.7.2 for Windows, Fixes 17 Flaws

Apple QuickTime version 7.7.2 is out, fixing 17 security vulnerabilities in the multimedia framework. Read more

May 17, 2012

Apple Security Update Fixes QuickTime Vulnerabilities

Guest post from Rodrigo Branco, Director of Vulnerability and Malware Research at Qualys, about Apple's latest advisory. Read more

May 16, 2012

Apple Issues QuickTime Patch for Windows, OSX Users Safe

Apple issued a QuickTime update for Windows users on Tuesday night, patching 17 vulnerabilities that were not known to be in the wild yet. Read more

May 16, 2012

Google Unleashes Chrome 19, Flattens 20 Bugs

Hot fuzz spawns QuickTime patch Read more

May 16, 2012

Qualys Adds Security Experts to CTO/CSO Advisory Board

Read more

May 14, 2012

Apple's OS X, Safari Updates Improve OS X Security

Apple is legendary for its iron-fist control over what can or cannot run on its operating system. However, there are signs the company is beginning to relinquish some of the responsibility back to the vendors. Read more

May 12, 2012

Why Do Software Holes Take So Long to Fix?

Experts weigh in about how long it takes for vendors to patch vulnerabilities. Read more

May 10, 2012

New .secure Internet Domain On Tap

'Safe neighborhood' top-level domain will require SSL, DNSSEC, and other security measures for websites Read more

May 10, 2012

Apple OS X Update Puts Elderly Flash Out Of Its Misery

Security fixes include new Safari that executes old plugins Read more

May 10, 2012

Apple Auto-Disables Outdated Versions of Flash Player In Latest Software Update

Following a recent update to its iOS software that addressed several security issues with Apple’s mobile devices, the Cupertino tech titan pushed another significant software update today, this time for its flagship Mac OS X operating system and Safari Web browser. Read more

May 10, 2012

10 Years of Trustworthy Computing: The Current State of Windows Security

A decade after launching its Trustworthy Computing initiative, Microsoft has come a long way but faces new challenges. Read more

May 10, 2012

Your May 2012 Patch Update from Microsoft

Microsoft has just released seven bulletins -- three critical and four important -- addressing 23 vulnerabilities, as part of its monthly Patch Tuesday rollout. Read more

May 8, 2012

Microsoft Releases Seven Security Updates

This month, Microsoft released seven bulletins, three critical and four important, that addressed a total of 23 vulnerabilities. Read more

May 8, 2012

Microsoft Fixes Critical Flaws with Patch Tuesday Updates

Microsoft released a total of seven new security bulletins for May’s Patch Tuesday. Read more

May 8, 2012

Adobe and Apple Patch Vulnerabilities

Adobe released a patch to cover a critical update in Flash at the end of last week. Read more

May 8, 2012

‘May Day, May Day’: Microsoft Scrambles to Plug Critical Holes

Microsoft plans to ship in May seven security bulletins, including three critical bulletins to plug remote code execution holes in Microsoft Windows, Office, .NET Framework, and Silverlight. Read more

May 7, 2012

Adobe Patches Flash Player Bug as Hackers Attack IE for Windows

Adobe released an emergency update today to fix a critical vulnerability in Adobe Flash Player for Windows, which has come under attack. Read more

May 4, 2012

May's Patch Tuesday to Address Vulnerabilities in Windows, Office

The upcoming Patch Tuesday, scheduled to take place May 8, will include seven security bulletins addressing a total of 23 vulnerabilities. Read more

May 4, 2012

A Patch Is Not Always a Patch

Sometimes a patch is not actually a patch; it is a configuration workaround. Read more

May 4, 2012

Most Secure Websites Aren't

Did you know that most ‘secure’ websites actually aren’t all that secure? Read more

May 4, 2012

Microsoft Announces 7 Bulletins for May 2012 Patch Tuesday, Closes Book on MAPP Data Leak

In addition to its advance notification for Patch Tuesday, Microsoft uncovers the party responsible for leaking security information and exposing customers to attacks against RDP Read more

May 3, 2012

May 2012 Patch Tuesday Includes 7 Bulletins, 2 Critical

Security Bulletin Advance Notification released on Thursday provides Patch Tuesday preview. Read more

May 3, 2012

Oracle Addresses 0-day "TNS Poison"

Guest post from Wolfgang Kandek on Oracle's workaround for Oracle Database vulnerability CVE-2012-1675 Read more

May 2, 2012

Global Dashboard for Monitoring the Quality of SSL Support

Guest post from Ivan Ristic about SSL Pulse, a continuously updated dashboard that is designed to show the state of the SSL ecosystem at a glance. Read more

May 1, 2012

Trustworthy Internet Movement Builds SSL 'Avengers'

Industry's top names in SSL development agree to join task force Read more

Apr 30, 2012

8 Reasons Conficker Malware Won’t Die

Poor corporate password practices and continuing use of Autorun help explain why eradicating this three-year-old worm has been so difficult. Read more

Apr 30, 2012

Sick SSL Ecosystem: 90% of HTTPS Sites Insecure, 75% Vulnerable to BEAST Attack

Trustworthy Internet Movement's SSL Pulse shows 90% of the world's 200,000 most popular websites with HTTPS-enabled are actually insecure and 75% are vulnerable to the BEAST attack. Read more

Apr 29, 2012

Microsoft: Conficker Worm Still a Major Threat

Weak security passwords and overlooked security updates have kept Conficker, a malware 'worm' first reported in 2008, alive and well. Read more

Apr 27, 2012

Microsoft Conficker Work Remains ‘Ongoing’ Threat

Three-year-old 'dead' Windows worm infection is still spreading -- mainly via weak or stolen passwords, new Microsoft report says Read more

Apr 25, 2012

Microsoft: Conficker Worm Continues to Plague Enterprises

The notorious Conficker worm, which began infecting Windows systems in 2008 but has not had a new variant in more than two years, continues to dog enterprises more than three years later, according security experts at Microsoft. Read more

Apr 25, 2012

Oracle Patches 88 Issues in Mammoth Security Update

Oracle released 88 security fixes addressing vulnerabilities in over 35 products in its portfolio as part of its Critical Patch Update. Read more

Apr 17, 2012

Oracle Patches 88 Vulnerabilities

Oracle will release 88 vulnerability fixes across hundreds of its offerings as part of a scheduled quarterly security update. Read more

Apr 16, 2012

SSL/TLS Deployment Best Practices

SSL/TLS is a deceptively simple technology. It is easy to deploy, and it just works… except that it does not, really. Read more

Apr 16, 2012

Two Mac Trojans: Apple Patching Fast Enough?

Apple Friday released a Java security update to battle the Apple OS X malware known as Flashback. Read more

Apr 16, 2012

Oracle to Issue Quarterly Patches Next Week

As part of its scheduled quarterly security update, Oracle announced that on Tuesday it will release 88 new vulnerability fixes across hundreds of its offerings, covering more than 30 product lines. Read more

Apr 13, 2012

Apple Issues Software Update to Fix Flashback Vulnerabilities and Disable Java

Apple released a software update last night for Java in order to remove the most common variants of the Flashback malware. Read more

Apr 13, 2012

Flashback Malware Removal Cleverly Reduces Risks for Macs

Better late than never? Apple has released the third Java update in a week for Mac OS X, and this one contains the tool to remove the Flashback malware from infected systems. Read more

Apr 13, 2012

Microsoft begins final two years of support for XP

Microsoft has confirmed that it will end support for Windows XP and Office 2003 in two years. Read more

Apr 11, 2012

End of Windows XP Support Era Signals Beginning of Security Nightmare

Consumer, corporate and even SCADA systems could be at risk when Microsoft stops supporting Windows XP. Read more

Apr 11, 2012

Adobe, Microsoft Issue Critical Updates

Adobe and Microsoft today each issued critical updates to plug security holes in their products. Read more

Apr 10, 2012

Microsoft April 2012 Patch Tuesday Repairs Critical IE Flaws, ActiveX Control Issue

Microsoft issued a major browser security update, repairing critical Internet Explorer flaws as part of its April 2012 Patch Tuesday. Read more

Apr 10, 2012

Microsoft Released Six Comprehensive Security Updates

This month Microsoft issued six bulletins, four critical, two important, addressing 11 distinct vulnerabilities. Read more

Apr 10, 2012

Microsoft's Patch Tuesday Brings Seven Critical Fixes

Bulletins warn of SQL Server, Visual Basic, IE threats as well Read more

Apr 10, 2012

Microsoft Patches Critical Windows Zero-Day Bug That Hackers Are Now Exploiting

Fixes first security flaw in Windows 8 Consumer Preview Read more

Apr 10, 2012

Tuesday Top Tips – Qualys SSL Labs

If you are configuring SSL on your website or online application (and you should be these days), use the resources over at Qualys SSL Labs. Read more

Apr 10, 2012

Death, Taxes, and Microsoft's Patch Tuesday

IT administrators in the US better have their taxes done already because Microsoft is sending plenty of work on Tuesday with six security bulletins, four of which are rated critical and could lead to remote exploitation by hackers. Read more

Apr 9, 2012

Microsoft's Patch Tuesday Will Address Exploits in Office 2010, IE9

4 of 6 bulletins rated critical Read more

Apr 5, 2012

Patch Tuesday Preview: 6 Security Bulletins, 11 Vulnerabilities, 4 Critical

Preview of April 2012 Security Bulletin Read more

Apr 5, 2012

Microsoft Slates Critical Windows, Office, IE Patches Next Week, Including 'Head-Scratcher'

Reveals Patch Tuesday's agenda, plans to fix 11 flaws with six security updates Read more

Apr 5, 2012

Apple Patches Malware-Targeted Java Bug

Apple released a patch for multiple Java vulnerabilities, a couple of days after a security vendor reported that password-stealing malware exploiting the flaws was floating about the Web. Read more

Apr 4, 2012

Apple Plugs Java Hole After Flashback Trojan Intrusion

6 weeks after Microsoft machines are patched... Read more

Apr 4, 2012

Apple Patches OS X Java Security Flaws

Apple recently released a Mac OS X update that patches 12 Java security flaws, including a vulnerability that was being actively exploited by the latest version of the Flashback Trojan. Read more

Apr 4, 2012

Apple Updates Java After Malware Spreads

One day after security researchers spotted active exploits taking advantage of gaping vulnerability in Java software running on Mac OS X machines, Apple released a fix. Read more

Apr 3, 2012

1.5 Million Infected with Drive-by Malware in February

Read more

Apr 3, 2012

BlackHole exploit targets Java bug through browser-based attacks

A recently discovered Java exploit will have many updating, or even removing, the program. Read more

Mar 30, 2012

Adobe Fixes Critical Security Flaws In Flash Player

Adobe Systems (NSDQ:ADBE) has released a Flash Player update that fixes two critical vulnerabilities and adds an automatic update feature. Read more

Mar 29, 2012

Adobe Auto-Update Eases Flash Update Chore - on Windows Only

Backdoors plugged without lifting a finger Read more

Mar 29, 2012

Digging into Verizon DBIR: Hacking, Malware, Cyber-Threats

While we all seized on the fact that hacktivists were reponsible for more than half of the data records stolen in 2011, Verizon's Data Breach Investigations Report had a few more gems. Read more

Mar 23, 2012

Hardening the Endpoint Operating System

Qualys CTO Wolfgang Kandek, talks about the effects of hardening the endpoint operating system and improving the resilience against common attacks. Read more

Mar 22, 2012

Microsoft Flaw Demonstrates Dangers Of Remote Desktop Access

Fear is that attackers will soon come up with exploits for targeted attacks, worms Read more

Mar 14, 2012

Malicious Proxies May Become Standard Fare

DNSChanger shows that funneling infected network traffic to central servers can enable massive fraud, but the technique has significant weaknesses, as well Read more

Mar 13, 2012

Your March 2012 Patch Update from Microsoft

Microsoft's March 2012 security update just landed. Read more

Mar 13, 2012

Microsoft Issues Urgent Patch for 'Wormable' RDP Vulnerability

Microsoft released six new security bulletins today for the March 2012 Patch Tuesday. Read more

Mar 13, 2012

Critical Windows Bug Could Make Worm Meat of Millions of High-Value Machines

Microsoft has plugged a critical hole in all supported versions of Windows that allows attackers to hit high-value computers with self-replicating attacks that install malicious code with no user interaction required. Read more

Mar 13, 2012

Microsoft Incites Madness with March's Patch Tuesday Release

Details emerge on Microsoft's most critical patch of the year Read more

Mar 13, 2012

Microsoft: Remote Desktop Protocol Vulnerability Should be Patched Immediately

Microsoft is urging organizations to apply the sole critical update in this month’s Patch Tuesday release as soon as possible. Read more

Mar 13, 2012

Patch Tuesday: Microsoft Fixes Critical Bug in Remote Desktop Protocol

This month's update from Redmond includes six security advisories, but a pair of IE zero-day exploits demonstrated at last week's Pwn2Own hacking contest remain unpatched. Read more

Mar 13, 2012

Dangerous Microsoft RDP Vulnerabilities Repaired in Patch Tuesday

Microsoft issued six security bulletins, including one critical update that addresses two serious Windows Remote Desktop Protocol (RDP) vulnerabilities that could be exploited by an attacker to take complete control of a system or prevent it from working properly. Read more

Mar 13, 2012

RDP Flaws Lead Microsoft’s March Patch Batch

Microsoft today released updates to sew up at least seven vulnerabilities in Windows and other software. Read more

Mar 13, 2012

Microsoft to Patch Windows Bug Called 'Holy Grail' by One Researcher

Announces next week's Patch Tuesday line-up, will fix 7 flaws in Windows, developer software Read more

Mar 9, 2012

The Week in Security: Microsoft, Google and Adobe

Although the number of patches in Microsoft's Patch Tuesday this month is relatively low, the pain point may come in the rebooting. Read more

Mar 9, 2012

Microsoft Plans Light Patch Tuesday for March

Microsoft has a relatively quiet Patch Tuesday planned for this month, with just six bulletins on the way for next week. Read more

Mar 8, 2012

March’s Patch Tuesday to Contain 6 Bulletins, Only One of Which is ‘Critical’

It’s that time of the month again, friends, when gather round the table to stare at the batch of fixes that Microsoft has compiled to respond to newly uncovered security issues in its products. Read more

Mar 8, 2012

DNSChanger-infected Machines Won't Be Disconnected, for Now

It's good news for the owners of the computers still infected by the DNSChanger malware Read more

Mar 7, 2012

Major Phishing Contributors and Enablers

Agari announced the first Annual Sumo Awards to dishonor phishing's biggest contributors and enablers. Read more

Mar 6, 2012

Virtual Scanners for Consultants, Enterprises and the Cloud

Qualys announced virtual scanner appliances for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance. Read more

Mar 1, 2012

IT Security & Network Security News & Reviews: RSA 2012: eWEEK Labs Picks the 21 Hottest Security Vendors

The RSA Conference 2012 (Feb. 27-March 2) will set the security agenda for the year. More than 300 companies are at the expo, but I've picked the 21 stops I'm making while in San Francisco. Read more

Feb 29, 2012

In Pictures: RSA Conference 2012 (Day 2)

Highlights from RSA Day 2 Read more

Feb 29, 2012

Surveying Policies, Controls and Compliance

Qualys unveiled a new service for its QualysGuard Cloud Platform and suite of integrated applications for security and compliance to help businesses further automate their compliance tasks and reduce the time and effort for manual assessment of IT and non-IT controls. Read more

Feb 29, 2012

RSA 2012: Qualys Updates Cloud Platform, Launches Web Application Firewall Service

The increasing adoption of cloud-based security services is an ongoing trend at RSA this year, and cloud security service provider Qualys chose the conference to announce a host of new modules for their QualysGuard cloud security platform and to take the wraps of their new QualysGuard Web Application Firewall (WAF) service. Read more

Feb 28, 2012

Automated managing of enterprise assets

Qualys announced the availability of hierarchical Dynamic Asset Tagging for its QualysGuard Cloud Platform and suite of applications for security and compliance. Read more

Feb 28, 2012

BSidesSF: Amol Sarwate on SCADA Security Challenges

In a presentation at the Security BSides San Francisco event, Amol Sarwate - Security Research Manager at Qualys - examined how SCADA security and advance persistent threats have now taken center stage. Read more

Feb 28, 2012

Expert Panel at RSA 2012: Who's Responsible for Cloud Security?

Experts discuss cloud security questions at CSA Summit Read more

Feb 27, 2012

0-day analysis service by Qualys

Qualys launched Zero-Day Risk Analyzer, a new service to help companies protect their IT systems against zero-day attacks which is delivered as part of the QualysGuard Cloud Platform Read more

Feb 27, 2012

#BSidesSF: Why SCADA security is such an uphill struggle

We've covered the troubles with SCADA security at length, but have yet to see a real consensus on how to proceed. Amol Sarwate, security research manager at Qualys, took a crack at making sense of things at BSidesSF Monday morning. Read more

Feb 27, 2012

Eradicating Malware from Enterprise Web Sites

Qualys announced a new service to help enterprises detect and eradicate malware from their web sites. Read more

Feb 27, 2012

IT Security & Network Security News & Reviews: RSA Conference 2012: Hot Security Products for Cloud, BYOD

This year marks the 20th anniversary of the RSA conference, and companies are descending on San Francisco's Moscone Convention Center with product announcements and demonstrations highlighting the latest and greatest in their security portfolios. Read more

Feb 27, 2012

Qualys Pushes Major Enhancements to its Flagship QualysGuard Suite

Qualys has a history of making major product announcements at the RSA Conference in San Francisco each year, and this year is no exception. Read more

Feb 27, 2012

RSA Conference 2012 Opens in San Francisco

The world’s top information security professionals and business leaders gathered for the opening of the annual RSA Conference being held at San Francisco’s Moscone Center. Read more

Feb 27, 2012

What's Hot at RSA This Week

Slideshow of hot products at RSA Conference 2012, including enterprise edition of the QualysGuard Malware Detection Service and QualysGuard Zero-Day Risk Analyzer Read more

Feb 26, 2012

Do you need to worry about the advanced persistent threat?

Qualys CTO discusses how to reduce susceptibility to attacks Read more

Feb 26, 2012

Better Information Sharing is the Future of Security, Experts Say

Potential seen for more proactive security following release of free threat intelligence feed Read more

Feb 24, 2012

Web Encryption That Works

SSL technology isn't perfect, but it can be an effective security tool for your organization. Here are four tips for optimizing its performance Read more

Feb 24, 2012

Five Schemes for Redeeming Trust in SSL

Creativity loves constraint and for security thinkers trying to shore up Web authentication today, that constraint is SSL/TLS Read more

Feb 21, 2012

Open Source Tool Detects Videoconferencing Equipment Vulnerabilities

New open source tool can detect whether a given videoconferencing system is vulnerable to attack Read more

Feb 17, 2012

The Decision to Strip Online Certificate Revocation Checks From Chrome Is Misguided, Symantec Says

Stripping OCSP (Online Certificate Status Protocol) and CRL (certificate revocation list) checks from Google Chrome could have dangerous implications because it will turn Google into a single point of failure, according to security vendor Symantec. Read more

Feb 17, 2012

Adobe Flash Flaw Under Attack, Update Issued

Cross-site scripting vulnerability in Flash is being targeted by emails containing malicious links Read more

Feb 16, 2012

The 8 Best Tips You'll Ever Get On How To Launch (And Grow) A Startup

Philippe Courtot is a well-known name in the security industry and for good reason. Read more

Feb 16, 2012

Oracle Plugs 14 Holes in Java

Oracle this week issued a critical patch update (CPU) that fixes 14 vulnerabilities in its Java SE product. Read more

Feb 16, 2012

Oracle’s Patches Address Java SE Security Flaws

Oracle released one CPU (critical patch update), which plugs 14 security holes within one of its products namely Java SE Read more

Feb 16, 2012

Microsoft, Oracle, Adobe Send Patches for Valentine's Day

Details come forward on Valentine's Day/Patch Tuesday security bulletins from Microsoft, Adobe and Oracle Read more

Feb 14, 2012

February 2012 Patch Tuesday: Critical IE, Windows Kernel Flaws Fixed

Microsoft repaired 23 vulnerabilities this month Read more

Feb 14, 2012

February Patch Tuesday Lighter Than Expected

It turns out that this February Patch Tuesday is lighter than we had anticipated. Read more

Feb 14, 2012

Microsoft to Fix Internet Explorer Hole

Patch Tuesday to include nine fixes for 21 vulnerabilities. Read more

Feb 13, 2012

Microsoft to Fix Internet Explorer Hole

Patch Tuesday to include nine fixes for 21 vulnerabilities Read more

Feb 13, 2012

Microsoft to Patch 21 Bugs Tuesday

Microsoft previews fixes in apps including Internet Explorer and Windows. Read more

Feb 10, 2012

Critics Slam SSL Authority for Minting Certificate for Impersonating Sites

Critics are calling for the ouster of Trustwave as a trusted issuer of secure sockets layer certificates after it admitted minting a credential it knew would be used by a customer to impersonate websites it didn't own. Read more

Feb 9, 2012

Microsoft to Issue More Critical Patches Next Week for Win7 Than XP

IE update likely the one users will want to apply ASAP, say researchers Read more

Feb 9, 2012

Valentine's Day Patch Tuesday: Microsoft to Issue 9 Patches, 4 Critical

Progress continues as Microsoft will issue fewest February patches since 2009 Read more

Feb 9, 2012

Microsoft Issues Patch Plans, Includes Internet Explorer Fix

Microsoft on Thursday posted its plans for next week's Patch Tuesday. Read more

Feb 9, 2012

Patch Tuesday Preview, February 2012

Qualys CTO's assessment of this month's Patch Tuesday. Read more

Feb 9, 2012

Microsoft's February Patch Tuesday Fixes 21 Bugs

Microsoft is expected to show some love for Windows administrators on Valentine's Day, with nine patches fixing 21 vulnerabilities in February's Patch Tuesday release. Read more

Feb 9, 2012

Microsoft Ruining Valentine's Day with Nine Security Bulletins

Next Tuesday is a big deal. Read more

Feb 9, 2012

Marlinspike Asks Browser Vendors to Back SSL-Validator

'Convergence' open source dev needs vendors to balance the load Read more

Feb 8, 2012

Hackers May Be Able to 'Outwit' Online Banking Security Devices

Investigators probe malware threat to 2-factor authentication Read more

Feb 6, 2012

FBI Prepares to Shut Down DNSChanger Temporary Servers, Infections Remain

Thousands of computers still infected with the DNSChanger Trojan will not be able to access the Internet after the FBI shuts down its temporary servers March 8. Read more

Feb 5, 2012

Oracle Patches DoS Flaw in Database 10g, WebLogic, iPlanet

Oracle patched three products to address a vulnerability in Web Application frameworks that could cause a denial of service due to hashing collisions. Read more

Feb 2, 2012

Half of Fortune 500 Firms Infected with DNS Changer

Machines will be cut off from the Web next month, say experts Read more

Feb 2, 2012

Detecting the DNS Changer Malware

DNS servers handling traffic of infected machines will be shutdown in March, cutting off Internet access to those infected. Read more

Feb 1, 2012

Symantec Patches PCAnywhere, But Should You Delete

Symantec says hotfix 'eliminates known vulnerabilities,' but hackers could use source code to exploit unknown holes. Some users will want to delete the app entirely. Read more

Feb 1, 2012

CSO Interchange: Cloud Concerns Are Largely Propaganda

Last week’s CSO Interchange roundtable centered on “Barriers to Cloud Adoption”, with talks on identity issues from Jericho Forum’s Paul Simmonds and SSL from security researcher Moxie Marlinspike. Read more

Jan 30, 2012

Qualys Expands Its FreeScan Service

Qualys announced its new and improved FreeScan service to help SMBs audit and protect their web sites from security vulnerabilities and malware infections. Read more

Jan 20, 2012

Is Oracle Neglecting Database Security?

Oracle's big critical patch update on Jan. 17 set a record for the fewest fixes for database products--only two of the 78 total fixes in the CPU. Read more

Jan 20, 2012

Oracle Scorned for Paltry Database Patches

With only two of many reported vulnerabilities fixed in Oracle's latest update, the database security community questions Oracle's patch bottleneck. Read more

Jan 19, 2012

Oracle Patches 78 Vulnerabilities

Oracle publishes Critical Patch Updates (CPUs) on a quarterly schedule. Read more

Jan 18, 2012

Oracle Repairs Two Database Flaws, Issues 78 Patches to Product Line

Oracle repaired two flaws in its database management system as part of its quarterly update this week that included 78 patches across its product portfolio. Read more

Jan 18, 2012

Oracle Squashes 78 Software Bugs in Latest Patch

Oracle yesterday deployed 78 different security fixes aimed at patching holes throughout its various database products. Read more

Jan 18, 2012

Oracle CPU Contains Lowest Number Of Database Fixes Ever

Database security community concerned about Oracle's patch bottleneck Read more

Jan 18, 2012

Oracle Readies 16 Highly Critical Security Patches

Oracle (NSDQ:ORCL) plans to release next week dozens of security patches, 16 highly critical, for most of the software maker's products. Read more

Jan 13, 2012

Reactions from the Security Community to the Trustworthy Computing Initiative

Comments on the Trustworthy Computing Initiative that Help Net Security received from industry veterans. Read more

Jan 13, 2012

Slow Read Attack: A New HTTP Denial of Service Attack

A new HTTP-based threat, dubbed a "Slow Read attack" aims to cause an undetected Denial of Service (DoS) by exploiting a transmission control protocol (TCP) persist timer vulnerability. Read more

Jan 12, 2012

Adobe Plugs 6 Critical Holes in Reader

Also gives IT admins more control over PDF docs' oft-exploited JavaScript Read more

Jan 11, 2012

Microsoft and Adobe Release First Major Patch Bundles of 2012

Microsoft released seven bulletins last night to fix one critical issue on its first Patch Tuesday of 2012. Read more

Jan 11, 2012

Media Player, Security Bypass Are Focus of Microsoft's First Patch Tuesday of 2012

Of the seven bulletins issued as part of Microsoft's first Patch Tuesday of the year, researchers agree that a vulnerability affecting Windows Media Player should be the first one patched. Read more

Jan 10, 2012

Microsoft Releases Seven Bulletins

Qualys CTO Wolfgang Kandek on this month's Patch Tuesday Read more

Jan 10, 2012

Adobe Repairs Critical Reader, Acrobat Flaws, Adds JavaScript Control

Adobe Systems Inc. issued its quarterly security update Tuesday, repairing six critical vulnerabilities in its Reader and Acrobat software. Read more

Jan 10, 2012

Exploit Code for Recent ASP.NET DoS Flaw Made Public

The ASP.NET DoS flaw that has recently been revealed at the Chaos Communication Congress in Berlin has been patched by Microsoft in almost record time, but users who have not already implemented the patch should definitely hop to it Read more

Jan 10, 2012

Microsoft Slays the BEAST, and Six Other Patch Tuesday Updates

Microsoft has released a total of seven security bulletins – one ranked as “critical”, with the remaining 6 designated merely as “important” Read more

Jan 10, 2012

Microsoft January 2012 Patch Tuesday Issues Windows Media Fix, Resolves SSL Protocol Weakness

Microsoft issued seven security bulletins, including one “critical” bulletin, repairing a serious Windows Media Player flaw that could be exploited in dangerous drive-by website attacks. Read more

Jan 10, 2012

Microsoft's First 2012 Patch Tuesday Offers One Critical Fix

Microsoft (NSDQ:MSFT) released Tuesday one critical bulletin in a package of seven that comprised the company's first monthly patch release of the year. Read more

Jan 10, 2012

New Denial of Service Vulnerability Detailed, Doesn't Require Many PCs

What you may not know is that there are denial of service (DoS) methods that don't need to be so distributed. Read more

Jan 7, 2012

New Slow-Motion DoS Attack: Just a Few PCs, Little Fear of Detection

Qualys Security Labs researcher Sergey Shekyan has created a proof-of-concept tool that could be used to essentially shut down websites from a single computer with little fear of detection. Read more

Jan 7, 2012

Microsoft to Start 2012 with Seven Bulletins on Patch Tuesday

Microsoft has announced that it will release seven bulletins addressing eight vulnerabilities on its first patch Tuesday of 2012. Read more

Jan 6, 2012

Adobe Plans Fixes for Critical 3D Bugs in Reader, Acrobat X

Adobe will fix a slew of security flaws in Reader and Acrobat, including the critical 3D vulnerabilities that were discovered in December, as part of its quarterly update. Read more

Jan 6, 2012

MetricStream, Qualys Partnership Brings Security and Risk Intelligence to IT-GRC

Qualys and MetricStream announce integration of MetricStream IT-GRC Solution with QualysGuard Vulnerability Management Read more

Jan 6, 2012

Microsoft's 2012 Inaugural Security Patch to Include 7 Fixes

January's Security Update from Microsoft, arriving next Tuesday, will feature six fixes for Windows and one fix for Microsoft developer tools, according to the company's advance notice. Read more

Jan 5, 2012

Researcher Devises Hard-to-detect Denial-of-service Attack Against HTTP Servers

New HTTP denial-of-service (DoS) attack relies on prolonging the time clients need to read Web server responses. Read more

Jan 5, 2012

Microsoft to Start New Year With Seven Security Bulletins

Microsoft plans to start the new year with a relatively large number of security bulletins covering eight vulnerabilities. Read more

Jan 5, 2012

Microsoft Plans 7 Fixes for January Patch Tuesday

Microsoft is planning seven fixes for January's Patch Tuesday release that will address bugs in all versions of Windows and possibly for the SSL/BEAST flaw. Read more

Jan 5, 2012

Rated Critical: A Microsoft Security Blog

How can Microsoft's only unscheduled patch of 2011 help predict its security success in 2012? Read more

Jan 5, 2012

The Year in Security: A Look Back at 2011 and Trends for 2012

Reflecting on security events of 2011 to plan for 2012 Read more

Jan 4, 2012

MetricStream and Qualys Partnership Brings Actionable Security and Risk Intelligence to IT-GRC

ntegration partnership enables corporations to continuously take full inventory of their IT assets Read more

Jan 4, 2012

Cyberthreats Evolve, Start-ups Responding

Types of security threats companies face have shifted dramatically in recent years. Read more

Jan 4, 2012

Microsoft Publishes Workaround for ASP.NET Vulnerability

Advisory provides workaround to help protect ASP.NET customers from a publicly disclosed vulnerability that affects various web platforms Read more

Jan 3, 2012

No Shelter From a Cybercrime Storm

Denial of service hole closed Read more

Jan 3, 2012

Qualys Solutions
Qualys Community
Free Tools & Trials
Free Trial

Nothing to install or download!

1 (800) 745 4355